Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-0400

    Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.... Read more

    Affected Products : modern singapore
    • Published: Jan. 23, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6674

    Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.... Read more

    Affected Products : database
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0299

    common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.... Read more

    Affected Products : paramiko paramiko
    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-3228

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-49964

    Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2018-2579

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploi... Read more

    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2939

    Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) an... Read more

    Affected Products : openssl
    • Published: Aug. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-30351

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happen... Read more

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2008-0208

    Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.... Read more

    Affected Products : snitz_forums_2000
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0181

    Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.... Read more

    Affected Products : liferay_enterprise_portal
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6673

    Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.... Read more

    Affected Products : makale_scripti
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-46720

    Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the ... Read more

    Affected Products : keystone
    • Published: May. 05, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2007-6677

    Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.... Read more

    Affected Products : random_anti-spam_image
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-2970

    Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_se... Read more

    Affected Products : moinmoin
    • Published: Aug. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0207

    Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter... Read more

    Affected Products : pro_search
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0131

    Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this informa... Read more

    Affected Products : dating_site
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-3426

    Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.... Read more

    Affected Products : iphone_os
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2976

    Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie.... Read more

    Affected Products : bugzilla
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0416

    Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1778

    Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.... Read more

    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294836 Results